Wednesday, April 27, 2011

PlayStation Network Blues

As most of you are aware, the Sony PlayStation Network was compromised last week.  The story has been all over the interwebs ever since.  Sony has been pretty hushed about the affair, at least until yesterday.  I, and every other PlayStation Network subscriber, received an email detailing what Sony believes was taken by the intruders.  Here's the list:
  • Name
  • Address (including City, State, Zip, Country)
  • Date of Birth
  • User name
  • Password
  • Email address
  • Your security questions and answers
  • Oh, and let's not forget credit card data

At this point, Sony is saying they don't believe the intruders were able to obtain the CC's expiration date and security code, but with such an extensive amount of data lost, it seems stupid to plan for anything but that.

For now, Sony is recommending that if you've used the same user name and password for anything else, anywhere else on the internet, that you immediately change that password on those sites.  They're also recommending that you contact one of the credit bureaus and place a "fraud alert" on your account.  This will cause any business to take extra steps when anyone attempts to gain credit using your information.  Although, a personal friend of mine has done this due to a prior compromise to his personal data, and he explained that what extra steps are taken are completely up to the discretion of the business that's requested the credit information.  Meaning they may be vigilant, or they may do nothing.  They are not required to do anything at all.

Experts have encouraged us for years to shred our discarded documents and not hand out our Social Security Numbers to just anyone in order to protect our identities.  While that's important, I've always maintained that the real threat comes from the poor security implementations at the companies we do business with. This is the second time in a month my personal data has been lost by a corporation due to their incompetence.  Big ones you'd expect to have their shit together!  In the first instance it was my bank that notified me, but they weren't the ones that lost it.  Apparently they like to store my data on another firm's computers, and they lost my data!

What's our recourse, what can we do about it?  Pretty much, not a damned thing.  Other than now having the increased burden of personally enacting even tighter vigilance to protect our financial well being, there's nothing we can do.  Because of some company's bumbling IT Security squad, the onus is on us to take even more steps to protect ourselves.  But what's really frustrating is that there's nothing we can do to prevent this in the future.  At least right now, there's no other alternative.  If you want to do business with some company, you must provide your personal information to them and trust that Cletus, head of security, knows what the hell he's doing and is going to keep your data safe.  Well, he'll get to it as soon as he gets back from the crawdad hole.

Fred's Take
First, I'm uncomfortable with the onus.  I particularly don't like to have onus anywhere around me and I DO NOT like it on me.   Tim is right that there's nothing we can really do about our personal data but our data is unchanging and out there anyway.   Ever rent an apartment?  Well your social security number is sitting in someone's filing cabinet.   You think the rathole places you rented from when you were young properly shredded those files?   You think that cabbie whose credit card machine stopped working is going to properly handle the imprints of your card and the info on the back?  You think someone isn't going to run up to your mailbox and grab out a couple of your credit card bills?   Lots of info on those.

All that stuff is already out there.  Our security has come down to how secure the login process is on our accounts.  People are going to attempt to open up fraudulent accounts no matter what.   What we need to do is protect the existing accounts.    Now I could go on and on about not using your daughter's birthday as the password to your bank account.  (And no, adding your penis size to that number doesn't make you more secure, it just makes your H1 purchase a little easier for us to understand).

There are plenty of tools out there but I'm going to recommend Roboform because it works and I've used it for years.  Spend a couple of extra bucks and get Roboform Everywhere.  You can use this on all your devices and all your accounts follow you around.   Make one long-ass hard password that has different birthdays and special characters and maybe your favorite physics formula, throw in a couple of children's names, some movie trivia (then add your penis size) and now you've got a good secure master password.

Now just use the tool to auto generate long random-ass passwords that are different for every site.  If one gets hacked, the rest are still secure.  I don't know what any of my passwords are now.  I don't have to.  I have one that I remember and the rest takes care of itself.  We get no money from these guys.  (Not because of some integrity thing but because we don't know how to work that angle.)  All kidding aside, this is a solid tool, works well and makes it easy to have ultra secure passwords unique for every site.  It's 10 bucks a year people.  If you can't afford that, you may want to consider the possibility that you may not be high on the hacker's list anyway and that subscription to the PS3 store may be a little beyond your means right now.

Just sayin...
